GandCrab Ransomware Sold as RaaS on Russian Dark Web

About GandCrab Ransomware

GandCrab ransomware was recently offered as Ransomware-as-a-Service (RaaS) to potential buyers on the Russian dark web. This was confirmed after ads in Russian were uncovered. The Australian cyber-security researchers LMNTRIX have confirmed that GandCrab is being sold on the black market for an undisclosed price. The extortionists behind it promote it as a RaaS on various Russian-speaking underground forums in order to earn a high income.

As with several other RaaS projects, GandCrab has attracted thousands of participants on several underground forums, who ask the extortionists for instructions on how to earn money without being noticed. The sole intention of those joining the forums is to enter the black market. There, they are required to pay a defined amount of cryptocurrency to get instructions on how to customize and propagate the purchased ransomware, and then start hunting for victims.

GandCrab – The only ransomware accepting Dash coins

As described above, GandCrab is a file-encrypting ransomware threat that, unlike its predecessors, is distributed through the RIG and GrandSoft exploit kits, which are delivered via the malvertising campaign named Seamless. Once executed, it encrypts the files stored on the system and appends the ‘.GDCB’ extension to their names. It then creates a text file named ‘GDCB-DECRYPT.txt’ on the desktop. Experts report that this note instructs victims to pay a ransom of 1.54 DASH (approx. $1200). So far, it is the only ransomware threat that accepts Dash coins.
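The two file artifacts named above (the appended ‘.GDCB’ extension and the ‘GDCB-DECRYPT.txt’ note) are enough for a first triage pass over a disk image or file share. The script below is an added example, not code from the original article or from LMNTRIX; the function name, the report fields and the case-insensitive matching are assumptions made for illustration.

```python
import os
import sys
from collections import Counter
from pathlib import Path

ENCRYPTED_EXT = ".gdcb"           # appended extension, per the article
RANSOM_NOTE = "gdcb-decrypt.txt"  # ransom note name, per the article


def triage(root):
    """Summarise GandCrab file artifacts found under root (hypothetical helper)."""
    encrypted, notes = [], []
    per_dir, orig_types = Counter(), Counter()
    first_seen = None
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            lower = name.lower()  # Windows file names are case-insensitive
            path = Path(dirpath) / name
            if lower == RANSOM_NOTE:
                notes.append(path)
            elif lower.endswith(ENCRYPTED_EXT):
                encrypted.append(path)
                per_dir[dirpath] += 1
                # Extension before the appended one shows which data types were hit
                orig_types[Path(name[:-len(ENCRYPTED_EXT)]).suffix.lower()] += 1
                try:
                    mtime = path.stat().st_mtime
                except OSError:
                    continue  # unreadable or vanished; still counted above
                first_seen = mtime if first_seen is None else min(first_seen, mtime)
    return {
        "affected": bool(encrypted or notes),
        "encrypted": encrypted,
        "notes": notes,
        "per_dir": per_dir,
        "orig_types": orig_types,
        "first_encrypted_mtime": first_seen,  # earliest write time among encrypted files
    }


if __name__ == "__main__":
    report = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("affected:", report["affected"])
    print("encrypted:", len(report["encrypted"]), "notes:", len(report["notes"]))
    for directory, count in report["per_dir"].most_common(10):
        print(f"{count:8d}  {directory}")
```

The earliest modification time among the encrypted files gives a starting point for the incident timeline, and the per-directory counts show which shares or profiles need restoring first.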

GandCrab’s Partners are asked not to target Russian-speaking countries

Researchers report that GandCrab’s developers offer partners 60% of the revenue, with the possibility of increasing the share to around 70%. The developers also provide current and future partners with technical support and updates. However, each and every service or piece of information requires a fee.

Before making a deal, GandCrab’s operators ask their partners to skip the countries that now make up the Commonwealth of Independent States (i.e., Azerbaijan, Armenia, Kazakhstan, Belarus, Moldova, Kyrgyzstan, Russia, Tajikistan and Uzbekistan). To win over undecided would-be cyber-crooks, the threat’s authors claim that the number of partner places is limited.

Currently, the number of licenses sold by the GandCrab extortionists is not known, but it is assumed not to have exceeded 10.